LDAP Programming in Python

You've heard about the next generation
directory protocol called LDAP (lightweight directory access
protocol), and you're wondering if it's possible to write programs
that can interact with it. Maybe you've even set up an LDAP server
of your own, and now you want to write programs for it. To these
ends, this article gets you ready to write your own programs to
automate the querying process of LDAP servers. Hopefully, it also
provides you with a solid foundation for extending your knowledge
to write configuration scripts and whatever else you want to do
with LDAP.

Most major programming languages have an LDAP API, but I
chose to use Python
because it is perhaps the easiest and clearest language with which
to demonstrate. If you do not already understand the basics of the
Python programming language and
LDAP,
you probably should come back to this tutorial after you have
become better acquainted with them.

Meet python-ldap

Writing programs that access LDAP servers is easy to do using
Python and
python-ldap.
The python-ldap package contains a module that wraps the
OpenLDAP
C API and provides an object-oriented client API to
interact with LDAP directory servers. The package also contains
modules to do other tasks related to LDAP, such as processing LDIF,
LDAPURLs and LDAPv3 schemes and more.

Currently, standard implementations of Python do not come
with python-ldap, but you can download it as a third-party package
from
SourceForge.

A Simple python-ldap Application

The best way to learn is to write an example program, so
let's write a small and complete program to fetch some specific
contact information from an LDAP server. Because indentation
matters in Python, all the code given below is indented, so copy it
as you see it.

The first thing we need to do is import the ldap module. So
open your favorite text editor and type import
ldap. For this program, we need to create two simple
functions:

a main() function that binds the program to an LDAP
server and calls a search function

a function called my_search() that is used to
retrieve/display data from the server.

Let's create our main function and set up variables to
authenticate with the LDAP server by using def
main():.

If you are using a public server, you can leave the values
for the who and cred blank. You can get a list of some public LDAP
servers
here

. It looks something like this:

server = "ldap.somewhere.edu"
who = ""
cred = ""

Now we need to make a keyword set to what we want our search
string to be. I use my first name for this sample program:

keyword = "ryan"

Next, we need to bind to the LDAP server. Doing so creates an
object named "l" that is then used throughout the program.

Having written our main function, we now can create our
search function:

def my_search(l, keyword):

In a moment we will be calling python-ldap's built-in search
method on our l object. Four variables--base, scope, filter and
retrieve_attributes--are the parameters of that search method. Base
is used for the DN (distinguished name) of the entry where the
search should start. You can leave it blank for this
example:

base = ""

For scope we use SCOPE_SUBTREE to search the object and all
its descendants:

scope = ldap.SCOPE_SUBTREE

Our search filter consists of a cn (common name) and our
keyword. Putting asterisks around our keyword (ryan) will match
anything with the string ryan, such as Bryant.

filter = "cn=" + "*" + keyword + "*"

The last argument we pass to the search method is used to
return all the attributes of each entry:

retrieve_attributes = None

Now, let's setup a few more variables, including a counter to
keep track of the number of results returned:

count = 0

a list to append the results to:

result_set = []

and a variable to specify the length, in seconds, we're
willing to wait for a response from the server:

timeout = 0

Now we can begin our search by calling python-ldap's search
method on our l object:

Comment viewing options

thanks very much, I tried your code, it works well. But when I learn it from someother ldap server, i found that i cann't use the base="", I must write the concrete base if i want it to work. I really want to know what is the problem. I googled for this question, failed to get the reson, could you help me. I am really confused about this: why you said, in this example: base can be "". fortunately, the first example I tried with "" is also ok. I am a fresh bird, can someone help me?? That will be very appreciated.